Merge branch 'rawhide' into epel7

- Fix two path traversal issues in awstat.pl - CVE-2017-1000501 (#1529349)

.gitignore

@@ -7,5 +7,3 @@ awstats-7.0.tar.gz
 /awstats-7.6.tar.gz
 /awstats-7.7.tar.gz
 /awstats-7.8.tar.gz
-/awstats-7.9.tar.gz
-/awstats-8.0.tar.gz

awstats-7.0-httpd-2.4.patch

@@ -1,6 +1,7 @@
---- awstats-7.9/tools/httpd_conf.orig	2014-09-23 09:16:09.000000000 +0200
-+++ awstats-7.9/tools/httpd_conf	2023-01-18 23:30:18.097762242 +0100
-@@ -10,20 +10,26 @@
+diff -up awstats-7.0/tools/httpd_conf.http-2.4 awstats-7.0/tools/httpd_conf
+--- awstats-7.0/tools/httpd_conf.http-2.4	2012-11-16 16:11:07.612386681 +0100
++++ awstats-7.0/tools/httpd_conf	2012-11-16 16:44:24.921755562 +0100
+@@ -10,20 +10,33 @@
  
  #
  # Directives to add to your Apache conf file to allow use of AWStats as a CGI.
@@ -27,7 +28,14 @@
 -    Order allow,deny
 -    Allow from all
 +    <IfModule mod_authz_core.c>
++        # Apache 2.4	
 +        Require local
++    </IfModule>
++    <IfModule !mod_authz_core.c>
++        # Apache 2.2
++        Order allow,deny
++        Allow from 127.0.0.1
++        Allow from ::1
 +    </IfModule>
  </Directory>
 +# Additional Perl modules

awstats-CVE-2020-35176.patch

@@ -0,0 +1,20 @@
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index e709b7f5..8341c0a5 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -1711,13 +1711,13 @@ sub Read_Config {
+ 	# Check config file in common possible directories :
+ 	# Windows :                   				"$DIR" (same dir than awstats.pl)
+ 	# Standard, Mandrake and Debian package :	"/etc/awstats"
+-	# Other possible directories :				"/usr/local/etc/awstats", "/etc"
++	# Other possible directories :				"/usr/local/etc/awstats",
+ 	# FHS standard, Suse package : 				"/etc/opt/awstats"
+ 	my $configdir         = shift;
+ 	my @PossibleConfigDir = (
+ 			"$DIR",
+ 			"/etc/awstats",
+-			"/usr/local/etc/awstats", "/etc",
++			"/usr/local/etc/awstats",
+ 			"/etc/opt/awstats"
+ 		); 
+ 

awstats-CVE-2022-46391.patch

@@ -0,0 +1,13 @@
+diff --git a/wwwroot/cgi-bin/plugins/hostinfo.pm b/wwwroot/cgi-bin/plugins/hostinfo.pm
+index 95b2c20b7..1f0ac6994 100644
+--- a/wwwroot/cgi-bin/plugins/hostinfo.pm
++++ b/wwwroot/cgi-bin/plugins/hostinfo.pm
+@@ -181,7 +181,7 @@ sub BuildFullHTMLOutput_hostinfo {
+ 
+ 	&tab_head("Full Whois Field",0,0,'whois');
+ 	if ($w && $w->response()) {
+-		print "<tr><td class=\"aws\"><pre>".($w->response())."</pre></td></tr>\n";
++		print "<tr><td class=\"aws\"><pre>".CleanXSS($w->response())."</pre></td></tr>\n";
+ 	}
+ 	else {
+ 		print "<tr><td><br />The Whois command failed.<br />Did the server running AWStats is allowed to send WhoIs queries (If a firewall is running, port 43 should be opened from inside to outside) ?<br /><br /></td></tr>\n";

awstats-awstats_path.patch

@@ -0,0 +1,38 @@
+From: Chris Caron <lead2gold@gmail.com>
+Date: Tue, 29 Nov 2016 20:33:53 -0500
+Subject: update default path to be more compatible with Linux distro
+Website: http://nuxref.com
+
+Make it so you don't have to pass in the -awstats=/path/to/awstats.pl
+every time any script is called.
+
+---
+
+diff -Naur awstats-7.4/tools/awstats_buildstaticpages.pl awstats-7.4.patched/tools/awstats_buildstaticpages.pl
+--- awstats-7.4/tools/awstats_buildstaticpages.pl	2014-09-23 03:16:09.000000000 -0400
++++ awstats-7.4.patched/tools/awstats_buildstaticpages.pl	2016-11-29 20:33:53.203777945 -0500
+@@ -299,6 +299,10 @@
+ # Check if AWSTATS prog is found
+ my $AwstatsFound=0;
+ if (-s "$Awstats") { $AwstatsFound=1; }
++elsif (-s "/usr/share/awstats/wwwroot/cgi-bin/awstats.pl") {
++	$Awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl";
++	$AwstatsFound=1;
++}
+ elsif (-s "/usr/local/awstats/wwwroot/cgi-bin/awstats.pl") {
+ 	$Awstats="/usr/local/awstats/wwwroot/cgi-bin/awstats.pl";
+ 	$AwstatsFound=1;
+diff -Naur awstats-7.4/tools/awstats_updateall.pl awstats-7.4.patched/tools/awstats_updateall.pl
+--- awstats-7.4/tools/awstats_updateall.pl	2014-09-23 03:16:09.000000000 -0400
++++ awstats-7.4.patched/tools/awstats_updateall.pl	2016-11-29 20:34:58.026745752 -0500
+@@ -129,6 +129,10 @@
+ 	# Check if AWSTATS prog is found
+ 	my $AwstatsFound=0;
+ 	if (-s "$Awstats") { $AwstatsFound=1; }
++	elsif (-s "/usr/share/awstats/wwwroot/cgi-bin/awstats.pl") {
++		$Awstats="/usr/share/awstats/wwwroot/cgi-bin/awstats.pl";
++		$AwstatsFound=1;
++	}
+ 	elsif (-s "/usr/local/awstats/wwwroot/cgi-bin/awstats.pl") {
+ 		$Awstats="/usr/local/awstats/wwwroot/cgi-bin/awstats.pl";
+ 		$AwstatsFound=1;

awstats.spec

@@ -1,26 +1,33 @@
 Name:       awstats
-Version:    8.0
-Release:    2%{?dist}
+Version:    7.8
+Release:    3%{?dist}
 Summary:    Advanced Web Statistics
-# Automatically converted from old format: GPLv3+ - review is highly recommended.
-License:    GPL-3.0-or-later
-URL:        https://www.awstats.org/
-Source0:    https://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
+License:    GPLv3+
+URL:        http://awstats.sourceforge.net
+Source0:    http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
 Source1:    %{name}.cron
 Patch0:     awstats-awredir.pl-sanitize-parameters.patch
 
 # fix configuration for httpd 2.4 (#871366)
-Patch1:     awstats-7.9-httpd-2.4.patch
+Patch1:     awstats-7.0-httpd-2.4.patch
+
+# https://github.com/eldy/awstats/pull/196/commits/0d4d4c05f8e73be8f71dd361dc55cbd52858b823.diff
+Patch2:     awstats-CVE-2020-35176.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2150632
+# https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965.diff
+Patch3:     awstats-CVE-2022-46391.patch
 
 BuildArch:  noarch
 BuildRequires:  coreutils
 BuildRequires:  findutils
-BuildRequires:  perl-interpreter
+BuildRequires:  perl
 BuildRequires:  perl-generators
 BuildRequires:  recode
+Requires:   perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
 Requires:   perl-Net-IP, perl-Net-DNS, perl-Geo-IP
-Requires:   crontabs  
-Requires(post): perl-interpreter
+Requires:   crontabs
+Requires(post): perl
 
 # For systemd.macros
 BuildRequires:  systemd
@@ -50,8 +57,11 @@ http://localhost/awstats/awstats.pl
 
 %prep
 %setup -q
-%patch -P0 -p 1
-%patch -P1 -p 1
+%patch0 -p 1
+
+%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
 
 # Fix style sheets.
 perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
@@ -117,6 +127,7 @@ install -m 0750 -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly/%{name}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1196549
 cd $RPM_BUILD_ROOT%{_datadir}/%{name}/wwwroot/icon
 for i in browser/adobe.png browser/seamonkey.png os/win*.png os/macos*.png cpu/intel.png cpu/ibm.png; do
+
   cp -v os/unknown.png $i
 done
 cd -
@@ -159,118 +170,23 @@ fi
 
 
 %changelog
-* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 8.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
-
-* Sat Nov 22 2025 Tim Jackson <rpm@timj.co.uk> - 8.0-1
-* Update to 8.0
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 7.9-6
-- convert license to SPDX
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Wed Jan 18 2023 Tim Jackson <rpm@timj.co.uk> - 7.9-1
-- Version 7.9
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Mon Jan 09 2023 Tim Jackson <rpm@timj.co.uk> - 7.8-9
+* Mon Jan 09 2023 Tim Jackson <rpm@timj.co.uk> - 7.8-3
 - Fix CVE-2022-46391 (rhbz #2150632)
 - Clean up spec file, removing conditionals for now-obsolete releases
 
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 7.8-7
-- Perl 5.36 rebuild
-
-* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 7.8-4
-- Perl 5.34 rebuild
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
 * Wed Dec 30 2020 Tim Jackson <rpm@timj.co.uk> - 7.8-2
 - Fix CVE-2020-35176
 
 * Fri Aug 07 2020 Tim Jackson <rpm@timj.co.uk> - 7.8-1
 - Version 7.8
 
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Fri Jun 26 2020 Jitka Plesnikova <jplesnik@redhat.com> - 7.7-10
-- Perl 5.32 re-rebuild of bootstrapped packages
-
-* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 7.7-9
-- Perl 5.32 rebuild
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 7.7-6
-- Perl 5.30 rebuild
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 7.7-3
-- Perl 5.28 rebuild
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
 * Mon Jan 08 2018 Petr Lautrbach <plautrba@redhat.com> - 7.7-1
 - Version 7.7
 
-* Tue Jan 02 2018 Petr Lautrbach <plautrba@redhat.com> - 7.6-8
+* Tue Jan 02 2018 Petr Lautrbach <plautrba@redhat.com> - 7.6-4
 - Fix two path traversal issues in awstat.pl - CVE-2017-1000501 (#1529349)
 
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Fri Jul 14 2017 Petr Pisar <ppisar@redhat.com> - 7.6-6
-- perl dependency renamed to perl-interpreter manually
-  <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
-
-* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 7.6-5
-- perl dependency renamed to perl-interpreter
-  <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
-
-* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 7.6-4
-- Perl 5.26 rebuild
-
-* Tue May 30 2017 Petr Lautrbach <plautrba@redhat.com> - 7.6-3
+* Tue May 30 2017 Petr Lautrbach <plautrba@redhat.com> - 7.6-3.1
 - Revert "Move cron file to awstats-cron"
 
 * Tue May 23 2017 Petr Lautrbach <plautrba@redhat.com> - 7.6-2
@@ -280,54 +196,22 @@ fi
 * Wed Apr 12 2017 Petr Lautrbach <plautrba@redhat.com> - 7.6-1
 - version 7.6
 
-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.4-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
-* Fri Jul 22 2016 Jitka Plesnikova <jplesnik@redhat.com> - 7.4-5
-- Fix FTBFS when perl is not in the SRPM build root
-
-* Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 7.4-4
-- Perl 5.24 rebuild
-
-* Thu Feb 25 2016 Petr Lautrbach <plautrba@redhat.com> 7.4-3
+* Tue Mar 01 2016 Petr Lautrbach <plautrba@redhat.com> 7.4-1
+- version 7.4
 - replace logos with Copyright and Trademark problem by unknown.png (#1196549)
 
-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Fri Sep 11 2015 Petr Lautrbach <plautrba@redhat.com> 7.4-1
-- version 7.4
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 7.3-3
-- Perl 5.22 rebuild
-
-* Fri Sep 05 2014 Jitka Plesnikova <jplesnik@redhat.com> - 7.3-2
-- Perl 5.20 rebuild
+* Fri Sep 05 2014 Petr Lautrbach <plautrba@redhat.com> 7.3-2
+- bring back Requires: perl-Geo-IP
 
 * Wed Sep 03 2014 Petr Lautrbach <plautrba@redhat.com> 7.3-1
 - version 7.3
 
-* Tue Aug 26 2014 Jitka Plesnikova <jplesnik@redhat.com> - 7.2-2
-- Perl 5.20 rebuild
-
 * Mon Jun 09 2014 Petr Lautrbach <plautrba@redhat.com> 7.2-1
 - version 7.2
 
-* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.1.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-
 * Thu Oct 10 2013 Ralf Corsépius <corsepiu@fedoraproject.org> - 7.1.1-5
 - Add BR: systemd for systemd.macros (RHBZ #1017665).
 
-* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.1.1-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
-
-* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 7.1.1-3
-- Perl 5.18 rebuild
-
 * Tue Apr 02 2013 Petr Lautrbach <plautrba@redhat.com> 7.1.1-2
 - add a missing requirement on crontab and fix (#947040)
 - add missing requirements (#908981)

sources

@@ -1 +1 @@
-SHA512 (awstats-8.0.tar.gz) = b14f820e2ea6895baa0034828bba422d2f0dadd70387f682c1e9f25a72d8817ecf91127e254d6c6e7e7c866e02860a05112b0ac4452da7e71b2d9a6f57f21d03
+SHA512 (awstats-7.8.tar.gz) = b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2